US11693940B2 · Active · Utility · PatentIndex 60

Partitioned platform security mechanism

Assignee: INTEL CORP · Priority: Jun 23, 2021 · Filed: Jun 23, 2021 · Granted: Jul 4, 2023
Est. expiry: Jun 23, 2041 (~15 yrs left) · nominal 20-yr term from priority
Inventors: PILLILLI BHARAT; PALMER DAVID W; RADOVANOVIC NIKOLA
Classifications: G06F 21/73, G06F 21/33, G06F 21/572, G06F 21/44, G06F 21/575, G06F 21/71, G06F 2221/2129, G06F 21/85
PatentIndex Score: 60 · Cited by: 0 · References: 9 · Claims: 20

Abstract

A computer platform is disclosed. The computer platform comprises a central processing unit (CPU) including at least one socket having a plurality of tiles and control circuitry to partition the socket into a plurality of sub-sockets and assign a unique identity to each of the plurality of sub-sockets for security verification, wherein each sub-socket comprises at least one of the plurality of tiles to operate as a cluster of resources.

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A computer platform comprising:
  a central processing unit (CPU) including:
    at least one socket having a plurality of tiles; and
    control circuitry to partition the socket into a plurality of sub-sockets and assign a unique identity to each of the plurality of sub-sockets for security verification, wherein each sub-socket comprises at least one of the plurality of tiles to operate as a cluster of resources.

2. The computer platform of claim 1, wherein assigning the unique identity to each of the plurality of sub-sockets comprises generating a first active component root of trust (AC-ROT) Leaf associated with a first of the plurality of sub-sockets and generating a second active component AC-ROT Leaf associated with a second of the plurality of sub-sockets.

3. The computer platform of claim 2, wherein the first AC-ROT Leaf and the second AC-ROT Leaf are generated using an AC-ROT Root.

4. The computer platform of claim 3, wherein the AC-ROT Root comprises an AC-ROT associated with the CPU.

5. The computer platform of claim 4, wherein the AC-ROT Root operates as a certificate of authority to generate a first certificate chain associated with the first AC-ROT Leaf and a second certificate chain associated with the second AC-ROT Leaf.

6. The computer platform of claim 5, wherein the certificate chain comprises a leaf identity, an indication that an identified Leaf has been cryptographically signed by the AC-ROT Root and an on-device device signature authority associated with a manufacturer of the CPU.

7. The computer platform of claim 6, wherein the AC-ROT Leaf receives a device identifier public key signed by the AC-ROT Root.

8. The computer platform of claim 7, wherein the platform further comprises a security engine to operate is a root of trust for the platform.

9. The computer platform of claim 8, wherein the security engine verifies the identity of the first sub-socket via the first AC-ROT Leaf and verifies the identity of the second sub-socket via the second AC-ROT Leaf.

10. A method comprising:
  detecting a partitioning of a central processing unit (CPU) socket having a plurality of tiles into plurality of plurality of sub-sockets; and
  assigning a unique identity to each of the plurality of sub-sockets for security verification, wherein each sub-socket comprises at least one of the plurality of tiles to operate as a cluster of resources.

11. The method of claim 10, wherein assigning the unique identity to each of the plurality of sub-sockets comprises:
  generating a first active component root of trust (AC-ROT) Leaf associated with a first of the plurality of sub-sockets; and
  generating a second active component AC-ROT Leaf associated with a second of the plurality of sub-sockets.

12. The method of claim 11, wherein the first AC-ROT Leaf and the second AC-ROT Leaf are generated using an AC-ROT Root.

13. The method of claim 12, wherein the AC-ROT Root comprises a CPU AC-ROT associated with the CPU.

14. The method of claim 13, wherein the AC-ROT Root operates as a certificate of authority to generate a first certificate chain associated with the first AC-ROT Leaf and a second certificate chain associated with the second AC-ROT Leaf.

15. The method of claim 13, further comprising:
  verifying the identity of the first sub-socket via the first AC-ROT Leaf at a platform root of trust; and
  verifying the identity of the second sub-socket via the second AC-ROT Leaf at the platform root of trust.

16. A system on chip (SOC) comprising:
  a central processing unit (CPU) including:
    at least one socket having a plurality of tiles; and
    control circuitry to partition the socket into a plurality of sub-sockets and assign a unique identity to each of the plurality of sub-sockets for security verification, wherein each sub-socket comprises at least one of the plurality of tiles to operate as a cluster of resources; and
  a security engine to verify the identity of the plurality of sub-sockets.

17. The SOC of claim 16, wherein assigning the unique identity to each of the plurality of sub-sockets comprises generating a first active component root of trust (AC-ROT) Leaf associated with a first of the plurality of sub-sockets and generating a second active component AC-ROT Leaf associated with a second of the plurality of sub-sockets.

18. The SOC of claim 17, wherein the first AC-ROT Leaf and the second AC-ROT Leaf are generated using an AC-ROT Root.

19. The SOC of claim 18, wherein the AC-ROT Root operates as a certificate of authority to generate a first certificate chain associated with the first AC-ROT Leaf and a second certificate chain associated with the second AC-ROT Leaf.

20. The SOC of claim 19, wherein the security engine verifies the identity of the first sub-socket via the first AC-ROT Leaf and verifies the identity of the second sub-socket via the second AC-ROT Leaf.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.